case sensitivity issue with password login

Question

berserk 60 Junior Poster

10 Years Ago

I cannot get the login to work right, everytime i change anything little thing it stops working all together which is unacceptable. So far i have the login reading from the admin table i created, this is good but the issue is my passwords are not being read as case sensitive even though they are displaying on the table as case sensitive i.e. table password = "Admin" but can login using "admin" my username doesnt matter much so that im not worried about. Also one last note i understand that you should never store passwords as plain text but it doesnt matter in the application im working on so im not worried about it, but this functionaility is crucial and i need it. here is my code:

this is the login.php

<?php

session_start();
$con = mysqli_connect("localhost", "root", "", "numbers") or die(mysqli_error($con));


if(isset($_POST['login']))
{
    //get username and password entered by user
    $myusername=mysqli_real_escape_string($con,$_POST['username']);
    $mypassword=mysqli_real_escape_string($con,$_POST['password']);

    $sql="SELECT username, password FROM admin WHERE username='".$myusername."' AND password='".$mypassword."'";
    $check= mysqli_query($con,$sql);
    $row = mysqli_fetch_row($check);
    if($row[0]!="" && $row[1] !="") //compare username and password to ones  found in database
    {

         ## set logged_in to true
        $_SESSION['logged_in']= true;
         ## set username session
        $_SESSION['username'] = $row[0]; 

        header('location: table.php');
        exit();
    }
    else
    {
        $error="Your Login Name or Password is invalid";
        //echo "$error";
        //echo "<META http-equiv=' refresh' ;URL='index.php'>";
    }
}

?>
<html>
<head>
<!-- Basics -->
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<title>Login</title>
<!-- CSS -->
<link rel="stylesheet" href="css/reset.css">
<link rel="stylesheet" href="css/animate.css">
<link rel="stylesheet" href="css/styles.css">
</head>
<body>
<!-- Main HTML -->
<!-- Begin Page Content -->
<div id="container">
<?php echo ($error ? $error : '' );?>

<form action="index.php" method="post">

<label for="name">Username:</label>
<input type="name" name="username" id="username">
<label for="username">Password:</label>
<input type="password" name="password" id="password">
<div id="lower">
<input type="submit" value="Login" name="login" id="login">
</div>
</form>
</div>
</body>

</html>

and this is the adduser.php i use to add new admins to the table. It adds the passwords with case sensitivity but its not being compared as such in the login script or at least i think so because im not entirely sure.

<?php 

session_start();
if (!isset($_SESSION['logged_in']) || $_SESSION['logged_in'] == false){
    header('location: index.php');
    exit();
}

include('header.php');

$con = mysqli_connect("localhost", "root", "", "numbers") or die(mysqli_error($con));   

//submission code, inserting data into mysql database   

$admin = mysqli_real_escape_string($con, "X");
$username = NULL;
$password = NULL;
$mySqlDate = date('Y-m-d');
$mySqlTime = date('g:i a');


echo"
<form method='get' action='adduser.php'>
<table  width='400' border='0' cellspacing='1' cellpadding='2'>


<div style = 'margin-bottom: 100px' >
<tr width='200'>
<font size='6'>
Add a New User with Administrative Privileges
<br>
<br>
</tr>
</font>
</div>


<tr>
<td width='100'>Username:</td>
<td>
<input name='username' type='text' id='username'>
</td>
</tr>

<tr>
<td style='width:100%;' width='200'>Password:</td>
<td>
<input name='password' type='text' id='password'>
</td>
</tr>

<tr>
<td>
<div class = 'exportbtn'> 
<input name='submit' class='btn btn-info' type='submit' id='adduser' value='Add User'>
</div>
</td>
</tr>

</table>
</form>

<form method='post' action='table.php' >

<div class = 'exportbtn'> 
<input type='submit' class='btn btn-info' value='Return To Table' name='export'>
</div>

</form>

";

if(isset($_GET['submit']))
{
    $username = $_GET['username'];
    $password = $_GET['password'];


//filter out non numeric and special characters
$username = mysqli_real_escape_string($con, $_GET['username']);
$password = mysqli_real_escape_string($con, $_GET['password']);


$check = mysqli_query($con, "SELECT count(*) FROM admin WHERE username = '".$username."'") or die();
$row = mysqli_fetch_row($check);


if ($row[0] == 0)
{
    $sql="INSERT INTO admin (username, password, date, time, admin) VALUES ('".$username."','".$password."','".$mySqlDate."','".$mySqlTime."','".$admin."')";

    if (!mysqli_query($con,$sql)) 
    {
        die('Error: ' . mysqli_error($con));
    }
        //echo "false";
    //$length = "Remember to use lower case letters and do not use spaces";
    //echo "<font size='5' color='blue'>".$length."</font> ";
}
}

echo"
<form method='get' action='addlesseruser.php'>
<table  width='400' border='0' cellspacing='1' cellpadding='2'>


<div style = 'margin-bottom: 100px' >
<tr width='200'>
<font size='6'>
Add New Report Management User
<br>
<br>
</tr>
</font>
</div>


<tr>
<td width='100'>Username:</td>
<td>
<input name='username' type='text' id='username'>
</td>
</tr>

<tr>
<td style='width:100%;' width='200'>Password:</td>
<td>
<input name='password' type='text' id='password'>
</td>
</tr>

<tr>
<td>
<div class = 'exportbtn'> 
<input name='submit' class='btn btn-info' type='submit' id='adduser' value='Add New Report Management User'>
</div>
</td>
</tr>

</table>
</form>

<form method='post' action='table.php' >

<div class = 'exportbtn'> 
<input type='submit' class='btn btn-info' value='Return To Table' name='export'>
</div>

</form>

";

?>

I just need the passwords to read as case senitive and that will be the last issue i face when getting the whole program up and running in house, thank you all for all of the generous help you have given me. I could not have don eit without u or this website!

php

3 Contributors
5 Replies
281 Views
15 Hours Discussion Span
Latest Post 10 Years Ago Latest Post by berserk

veedeoo 474 Junior Poster

10 Years Ago

you can make the password all lower case. Although I do not agree with the use of a superglobals $_GET to process user credentials, you can do it like this

Everytime the form is submitted, you can covert the password to lower case

$password = strtolower($_GET['password'];

pritaeas 2,194 ¯\_(ツ)_/¯

10 Years Ago

you should never store passwords as plain text

If you change the collation of the password column, you can set it to case sensitive. A collation ending in _ci is often default, meaning case insensitive.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

berserk 60 Junior Poster · Answer 1 · 2014-08-10T03:22:50+00:00

ok but will this fix my issue, cause i need the passwords to be case sensitive and righ tnow they are not, i want "Admin" to be different from "admin"
do i do a comparison with lower case letters first? sorry but this problem is confusing to me :/

berserk 60 Junior Poster · Answer 2 · 2014-08-10T16:13:33+00:00

OKAY im on the right track here but no wim getting this error and i dont know why.

Warning: mysqli_fetch_row() expects parameter 1 to be mysqli_result, boolean given in C:\AppServ\www\admin\index.php on line 15

i put the COLLATE in the login prompt and it seems to be blocking my login but unfortunatly now its blocking any type of login so idk what to do, ive seen others with this same function but it works for them why wont it simply work for me!?

berserk 60 Junior Poster · Answer 3 · 2014-08-10T16:22:01+00:00

nvm i figured it out, turns out the easiest way to do this is use the word binary when doing the selection of the password and username fields from your table.

example:

$sql="SELECT username, password FROM admin WHERE BINARY username='".$myusername."' AND BINARY password='".$mypassword."'";